From a5acd4c9a3b24c9d5af3a8f504e5af053fa7fa09 Mon Sep 17 00:00:00 2001 From: boris Date: Thu, 20 Dec 2018 21:38:04 +1300 Subject: yo is this loss --- .../csgo-client/RemoteCode/RemoteProcess.cpp | 118 +++++++++++++++------ 1 file changed, 85 insertions(+), 33 deletions(-) (limited to 'csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp') diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp index 7397c7d..969f907 100644 --- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp +++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp 
@@ -1,47 +1,99 @@ #include -namespace RemoteCode { +namespace RemoteCode +{ // RemoteModule implementation - RemoteModule::RemoteModule(HANDLE Module, RemoteProcess &Process) : - m_Module(Module) { - // Read information about module. - MODULEINFO ModuleInfo{}; - if(!K32GetModuleInformation(Process, (HMODULE)Module, &ModuleInfo, sizeof ModuleInfo)) - return; - - // Read module data. - m_ModuleData.reserve(ModuleInfo.SizeOfImage); - Process.Read(ModuleInfo.lpBaseOfDll, m_ModuleData.data(), m_ModuleData.size()); - } + RemoteModule::RemoteModule(HANDLE Module) : + m_Module(Module) {} - uintptr_t RemoteModule::Scan(ByteArray &Data) { - if(m_ModuleData.empty()) - return uintptr_t{}; + // RemoteProcess implementation + bool RemoteProcess::Start(const char *ProcessName) + { + void *Toolhelp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); - // We have a valid file (?) - uint8_t *Buffer = m_ModuleData.data(); + if(!Toolhelp) + return false; - if(!Buffer || *(uint16_t *)Buffer != IMAGE_DOS_SIGNATURE) - return uintptr_t{}; + PROCESSENTRY32 ProcessEntry{}; + ProcessEntry.dwSize = sizeof PROCESSENTRY32; - // Read PE information. - IMAGE_DOS_HEADER *DosHeader = (IMAGE_DOS_HEADER *)Buffer; - IMAGE_NT_HEADERS *NtHeaders = (IMAGE_NT_HEADERS *)(Buffer + DosHeader->e_lfanew); + if(!Process32First(Toolhelp, &ProcessEntry)) + return false; - if(NtHeaders->Signature != IMAGE_NT_SIGNATURE) - return uintptr_t{}; + while(Process32Next(Toolhelp, &ProcessEntry)) + { + if(strstr(ProcessName, ProcessEntry.szExeFile)) + { + CloseHandle(Toolhelp); - // Find signature. 
- ByteArray::iterator Iterator = std::search( - m_ModuleData.begin(), - m_ModuleData.end(), - Data.begin(), - Data.end() - ); + // swoo + m_ProcessId = ProcessEntry.th32ProcessID; + m_Process = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessEntry.th32ProcessID); + return true; + } + } - return (uintptr_t)std::distance(m_ModuleData.begin(), Iterator); + CloseHandle(Toolhelp); + return false; } - // RemoteProcess implementation + void RemoteProcess::ReadMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData) + { + static auto ZwReadVirtualMemory = Syscalls->Find(FNV("ZwReadVirtualMemory")); + ZwReadVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + } + + void RemoteProcess::WriteMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData) + { + static auto ZwWriteVirtualMemory = Syscalls->Find(FNV("ZwWriteVirtualMemory")); + ZwWriteVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + } + void *RemoteProcess::Allocate(size_t AllocationSize) + { + void *AllocationAddress = nullptr; + static auto ZwAllocateVirtualMemory = Syscalls->Find(FNV("ZwAllocateVirtualMemory")); + + // :b:invoke the :b:unction :b:oi + NTSTATUS Status = ZwAllocateVirtualMemory( + m_Process, + &AllocationAddress, + 0, + &AllocationSize, + MEM_COMMIT | MEM_RESERVE, + PAGE_EXECUTE_READWRITE + ); + + if(!NT_SUCCESS(Status)) + return nullptr; + + return AllocationAddress; + } + + RemoteModule RemoteProcess::FindModule(const char *ModuleName) + { + void *Toolhelp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, m_ProcessId); + + if(!Toolhelp) + return RemoteModule{}; + + MODULEENTRY32 ModuleEntry{}; + ModuleEntry.dwSize = sizeof MODULEENTRY32; + + if(!Module32First(Toolhelp, &ModuleEntry)) + return RemoteModule{}; + + while(Module32Next(Toolhelp, &ModuleEntry)) + { + printf("%s\n", ModuleEntry.szModule); + if(strstr(ModuleEntry.szModule, ModuleName)) + { + CloseHandle(Toolhelp); + return RemoteModule(ModuleEntry.hModule); + } + } + + 
CloseHandle(Toolhelp); + return RemoteModule{}; + } } \ No newline at end of file -- cgit v1.2.3
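Review bot: `Start` leaks the snapshot handle when `Process32First` fails — the early `return false;` right after it skips `CloseHandle(Toolhelp)`, and `FindModule` has the same gap after its `Module32First` check; both exits should close first, e.g. `if(!Process32First(Toolhelp, &ProcessEntry)) { CloseHandle(Toolhelp); return false; }`. A small RAII owner for the snapshot handle would cover every exit of both functions at once instead of the four hand-placed `CloseHandle` calls. The `printf("%s\n", ModuleEntry.szModule);` inside the `FindModule` loop reads as leftover debugging output and should be removed. The file also ends without a trailing newline.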